Web Farm Framework, Shared Configuration and Powershell questions

  • Question

  • User-1911656330 posted


    I'm using Web Farm Framework to build an ARR layer on my IIS 8.5 web farms. So I created one "Server Farm" for each website/virtual application that I have. Now it's in Development, so it's 1 ARR/WFF with 2 IIS 8.5 with all websites (actually 80). I'm planning for Homologation 3 ARR/WFF with 3 IIS 8.5. So I'm just using, on the IIS side, DFSR + Shared Configuration to sync settings and files.

    1) Is this the best option? Or is it better to create a "Master WebFarm" and set it to sync the IIS and servers? And what about using Web Deploy? I would deploy to ARR, and then it deploys to both IIS? Now I'm deploying directly to IIS 1, and then DFSR / Shared Configuration "do the magic".

    So I created 80 Server Farms on WFF, each one with both servers, and HealthCheck pointing to each website. And on ARR, I put the rules to send each request to its own farm. Always using "least response time", so each website will do its own checks.

    So I'm trying to make a PowerShell script to create the Web Farms, set the configs on the new farm, and create the ARR rules and the binding on Default Web Site... But I can't make it work. WFF has its own cmdlets, including "New-WebFarm". But my question is about the "credentials". When I create the WebFarms through the IIS console, it does not ask me for a user and password, and when I look at applicationhost.config, it creates a unique "RSA Key", with "adminuser" with "". Creating it with PowerShell "New-WebFarm" asks me for a user and password, and then, when I use "Get-WebFarm", it shows my user and password in plain text.

    2) How can I create a web farm using PowerShell so that it looks the same as when I created it through the GUI? Now I'm working directly with PowerShell, editing "applicationhost.config" and adding all the fields I want to create, but I really don't like this approach.

    3) All my WebFarms are now working well; I can view the requests, the time each one takes, and the algorithm doing its work. But when I check the "Servers" menu, it shows both servers as "Ready for Load Balance? NO". But it's balancing.

    4) My feeling is that Web Farm Framework will die soon... I have to make a world to get it installed... uninstall Web PI, install the old version, and other components... If I have only one "physical" WebFarm, with 2 IIS, and want to balance all websites, why can't WFF manage it at the "website level" instead of the "WebFarm" level?

    Thanks for help

    Friday, June 27, 2014 12:48 AM

All replies

  • User-2000422621 posted


    As per my understanding, you are using WFF to sync your ARR servers and you already have shared configuration for the back-end IIS servers, so that they will always be in sync. Please correct me if I am wrong.

    Now, are you using WFF only to sync the server farms, i.e. Application Provisioning, or are you also doing Platform Provisioning? In either case I would suggest not going with WFF, as you have rightly mentioned that WFF is soon going to end. It is better to use Web Deploy to sync the servers, or you can have shared configuration on the ARR sites as well.

    To script it you can use appcmd, as mentioned in the article below.


    Hope this helps.



    Friday, July 11, 2014 10:47 AM
  • User-1911656330 posted

    Hi Ravindra_A, thanks for the answer!

    In my case, I use WFF only to do the load balancing between both IIS websites. I have 150 web applications on the IIS side, on the Development layer, and I'm now using 1 ARR to manage 150 WebFarms.

    My use of WFF is to create a WebFarm for each web application, set the load balancing method (least response time), and use the health check to test the web application itself. It's only because that's the way ARR works (in the URL Rewrite menu, when the condition for the web application is met, it sets the response to "Route to WebFarm xxxxxxx").

    I ended up working directly on "applicationhost.config" to manage my 150 web farms, as they all have the SAME configuration (the only thing that changes between them is the "health check URL", because each web farm has its own address).

    WFF has its own cmdlets, but they don't work as expected... For example, I create a new Web Farm from the IIS management tool without entering any credential. When I try to create a Web Farm from the cmdlets, it needs a credential, which afterwards shows the user and the password as plain text. So I create the web farm without any additional information through IIS, and then I edit "applicationhost.config" to put my settings right (imagine creating 15 web farms each time, clicking and pointing at the SAME thing for all).

    For the future, I will look at the cmdlet to add lines directly to applicationhost.config, so I can automate it...

    Friday, July 11, 2014 11:11 AM
  • User-2000422621 posted

    So if it is only load balancing then you can use ARR without WFF. For the script I would still suggest using appcmd.

    Maybe a batch script will help.



    Monday, July 14, 2014 3:32 PM
  • User-1911656330 posted

    I can't. WFF is part of ARR, as the Rewrite rule sends the request to the WebFarm you choose.

    So I have 1 farm for each ARR rule. When I create a new farm, it prompts me to create a Rewrite rule for it.



    Monday, July 14, 2014 7:52 PM
  • User-2000422621 posted

    No, it is not. WFF is a separate component used for provisioning (Platform and Application). It's actually ARR that allows you (WFF also has it, but only for provisioning) to add a server farm.

    You can follow the link below to add the back-end server.


    Unlike in the link, you can have only one server per farm.



    Tuesday, July 15, 2014 7:15 PM
  • User-1911656330 posted

    Sorry, but I'm confused about this.

    The link you sent is for ARR v1. I'm using ARR v3 (http://www.iis.net/downloads/microsoft/application-request-routing)

    It's a prerequisite for installing ARR that you install WFF. I can't create a rewrite rule alone...


    For example, using ARR with Exchange, they created one WebFarm for each Exchange component:

    - mail.tailspintoys.com;


    The process on ARR 3.0 is the same as on ARR 2.5, as you can see at this link. It's the same procedure I used to create 150 application farms... From what I saw, it's the WFF part that creates the "Server Farms".

    Tuesday, July 15, 2014 10:16 PM
  • User-2000422621 posted

    OK, I get what you are saying now. I am sorry about the confusion; yes, you are right, WFF is taking care of creating the server farm.

    So did you get the PowerShell script you are looking for?



    Wednesday, July 16, 2014 8:34 AM
  • User-1911656330 posted


    Because the first cmdlet I should use, according to this:


    is "New-WebFarm". But my problem is with the credential. Using the cmdlet, it asks me for a credential, which is mandatory. Creating it using IIS doesn't ask me for this credential. I didn't understand why it asks me for it.

    If I put in my credentials to create the WebFarm by cmdlet, afterwards my username and password show as plain text when using "Get-WebFarm", as shown in the link above. That's unacceptable! If I create it through IIS, it doesn't ask me for a credential, and doesn't show anything like this in "Get-WebFarm".

    I'm thinking of a script that adds lines directly to applicationhost.config, but the WebFarm has a unique ID, and I didn't understand how it's generated, so I think that it wouldn't work.

    Thanks for asking :)

    Wednesday, July 16, 2014 11:16 AM
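
For the plaintext-credential concern raised in the post above, a defender-side check, added here as an example (it is not part of the thread and not code from WFF or its documentation): it walks the `<webFarms>` section of an IIS configuration file and reports credential-like attributes whose value is not in IIS's `[enc:provider:...:enc]` encrypted form. `Find-PlaintextFarmSecret` is a hypothetical helper name, and the sample XML with its attribute names (`adminUserName`, `adminPassword`) is a constructed assumption.

```powershell
# Added example (not from the thread). Find-PlaintextFarmSecret is a
# hypothetical helper; the sample XML and its attribute names are constructed.
function Find-PlaintextFarmSecret {
    param([Parameter(Mandatory)] [xml] $Config)

    # IIS stores encrypted attribute values as [enc:<provider>:<blob>:enc]
    $encrypted = '^\[enc:[^:]+:.+:enc\]$'
    $findings  = @()

    # Visit <webFarms> and every element beneath it
    foreach ($node in $Config.SelectNodes('//webFarms/descendant-or-self::*')) {
        $farm     = $node.SelectSingleNode('ancestor-or-self::webFarm')
        $farmName = if ($farm) { $farm.GetAttribute('name') } else { '' }

        foreach ($attr in $node.get_Attributes()) {
            if ($attr.Name -notmatch 'password|secret') { continue }
            if ([string]::IsNullOrEmpty($attr.Value))   { continue }
            if ($attr.Value -match $encrypted)          { continue }
            # Report where the value is, never the value itself
            $findings += [pscustomobject]@{
                Farm      = $farmName
                Element   = $node.get_LocalName()
                Attribute = $attr.Name
            }
        }
    }
    return $findings
}

# Constructed sample shaped like an applicationHost.config fragment.
# For a real check, load the file instead:
#   [xml](Get-Content -Raw "$env:windir\System32\inetsrv\config\applicationHost.config")
[xml]$sample = @'
<configuration>
  <webFarms>
    <webFarm name="farm-app1" adminUserName="CONTOSO\svc-wff" adminPassword="[enc:AesProvider:Q29uc3RydWN0ZWQ=:enc]">
      <server address="iis01" />
    </webFarm>
    <webFarm name="farm-app2" adminUserName="CONTOSO\svc-wff" adminPassword="ExamplePlaintext1!">
      <server address="iis02" />
    </webFarm>
  </webFarms>
</configuration>
'@

Find-PlaintextFarmSecret -Config $sample | Format-Table -AutoSize
```

On the constructed sample only `farm-app2` is reported, with the element and attribute name but not the secret.
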
  • User-2076647463 posted

    When you are running the IIS Manager it's going to use the credentials that you signed into Windows with.  Assuming it's all on the same domain, it's just passing through the authentication.  As to why it must ask for user/pass on the script, it's also quite obvious: farm security.  You have to have some kind of security.  I don't see why this is really a problem to script past.  You can always execute your script with a dummy dead-end service account in AD with the credentials saved.  I think that is the dirty hack method and really not at all recommended.  If you are talking about a beta environment behind security then what you do is create a security group, create a user that is a member of that group, set it as the primary and then remove it from Domain Users.  Make the password really complex, make it so it can't expire and can't be changed.  Execute your script with that account.  You can give that group whatever very specific access it may need to your servers.  There are other options too for executing that script with a service account.  If you set up your permissions correctly for the computer account executing the script you could use the Network Service to run your script and use its built-in password (that you never have to type).  Using the Network Service will pass through the AD Computer account credentials, and shouldn't need a password at all.  Just make sure the executing server's AD Computer Account has permissions to execute your script and has the permissions required to run "New-Webfarm", whatever that is.

    For whatever that is worth :)

    Saturday, November 1, 2014 5:29 PM